This article demonstrates how MySQL 8.0 can enforce password history count and reuse‑interval policies for development and operations users by configuring global parameters and per‑user settings, eliminating the need for external password‑tracking scripts.
This article examines the architecture of WeChat Mini Program platforms, analyzing their definition, advantages, development costs, alternative solutions, and emphasizes that their primary value lies in providing a secure, controllable environment for exposing native capabilities.
This article explains why and how to implement intermediate redirect pages in front‑end projects, covering common scenarios, practical code examples, standardization tips, and security considerations to streamline multi‑team collaborations and cross‑domain navigation.
This tutorial explains the fundamentals of service mesh, details Istio's architecture and core components, and provides step‑by‑step instructions for installing Istio on Kubernetes, deploying a sample microservice application, and using common features such as traffic management, security, observability, and advanced use cases.
This article explains MySQL 8.0's new current‑password validation strategies, showing how to enforce old‑password checks per user or globally, with detailed command‑line examples and options to enable, disable, or customize the behavior for enhanced security.
This guide surveys a range of open‑source tools for unified account management, automated server deployment, DNS services, performance testing, and host security, including LDAP, JumpServer, NIS, Fabric, Ansible, dnsmasq, pdnsd, ApacheBench, TCPcopy, PortSentry, fail2ban, and Google Authenticator, helping administrators streamline operations across Linux environments.
Large‑scale website architecture must balance massive user traffic, data volume, security threats, and rapid feature changes by adopting layered, distributed designs that emphasize high performance, high availability, scalability, extensibility, and agility, employing techniques such as caching, load balancing, clustering, sharding, and service‑oriented components.
This guide presents twenty practical Linux server optimization methods—from kernel elevator tuning and daemon reduction to TCP tweaks, secure backups, and effective monitoring commands—helping administrators enhance reliability, speed, and security while reducing resource consumption.
The article reports on Tencent Cloud’s new Brazil data center launch amid rumors of database leaks and Chinese state directives to limit WeChat use, details recent U.S. trade bans on Chinese tech firms, and announces Alpine Linux 3.15’s discontinuation of MIPS64 support.
Alpine Linux 3.15 introduces disk‑encryption support, UEFI Secure Boot, updated kernels and packages, several significant changes such as gzip‑compressed kernel modules and removed MIPS64 support, and deprecates tools like sudo in favor of doas while warning about the upcoming end‑of‑life for php7.
The article dissects Apple’s FairPlay DRM, detailing its kernel‑driver and daemon decryption workflow, the LC_ENCRYPTION_INFO metadata, per‑user licensing files, LLVM‑level obfuscation techniques such as opaque predicates and control‑flow flattening, and the identified weaknesses that enable reverse‑engineering and key extraction.
This article explains a native image‑snapshot technique for mini‑programs that removes white‑screen delays, makes the first screen appear instantly, supports user interaction, and outlines the implementation steps, suitable scenarios, timing, storage security, accuracy measurement, and performance impact.
A curated collection of high‑quality open‑source Linux projects—including command‑line tools, security guides, tutorials, and web‑based shells—provides clear descriptions, key features, and direct GitHub links to help beginners and seasoned professionals quickly enhance their Linux expertise.
Mozilla’s security team has disabled the malicious ‘Bypass’ and ‘Bypass XM’ Firefox extensions that abused the proxy API, affecting hundreds of thousands of users, and provides steps to identify and remove them while highlighting recent Firefox updates and new security features.
This article examines three Android 11 security vulnerabilities—CVE‑2021‑0485’s picture‑in‑picture resizing flaw, CVE‑2021‑0521’s unprotected package‑visibility API, and CVE‑2021‑0645’s storage‑access bypass—detailing their causes, code examples, and the patches Google released to mitigate them in practice.
Spring Boot 2.6 introduces Cookie SameSite support, reactive session timeout, custom data‑masking rules, automatic Redis pool configuration, richer runtime Java metrics, build‑info personalization, new startup and disk metrics, enhanced Docker image building, and many deprecated properties removed or renamed, improving security and performance.
This article explains why MySQL fails to start on Ubuntu due to AppArmor restrictions and provides two practical solutions: editing the AppArmor profile to grant MySQL directory access or switching AppArmor to complain mode, with full command examples and configuration snippets.
TencentOS AIoT comprises the ultra‑lightweight Tiny RTOS for resource‑constrained devices and the Linux‑based Edge platform for gateways, offering modular kernels, low‑power management, OTA updates, robust security, unified AT communication, ELF loading, containerized AI workloads via TinyKube, extensive protocol bridges, and a thriving open‑source developer ecosystem.
This article presents a comprehensive engineering guide for building a high‑availability, high‑performance, and secure user‑center system that can serve hundreds of millions of users, covering service architecture, API design, sharding, token fallback, data protection, asynchronous processing, and observability.
A recent security breach compromised the popular npm packages coa and rc, injecting ransomware‑capable code that can steal browser passwords, record keystrokes and screenshots, prompting developers to lock specific versions and enable two‑factor authentication to protect their projects.
This guide outlines the typical Linux and Windows environments encountered in security incidents, common threats such as mining and ransomware, and provides a step‑by‑step workflow with essential commands for process, user, network, and file investigation to identify and remediate compromises.
The article provides a comprehensive analysis of China's domestic CPU ecosystem, examining the technical distinctions between architectures and instruction sets, the security implications of relying on foreign designs, and the strategic balance needed between indigenous development and imported technologies to advance the nation's semiconductor industry.
This article explains how cloud‑native technologies enable a unified control plane for Alibaba Cloud ACK clusters and self‑built Kubernetes clusters, detailing the ACK registered‑cluster architecture, one‑way registration, non‑managed security mechanisms, step‑by‑step cluster onboarding, and consistent security governance across environments.
The article introduces Spring’s open‑source nohttp project, which scans, replaces, and blocks HTTP URLs to prevent man‑in‑the‑middle attacks, outlines its modules and usage with an XML configuration example, and also advertises a free Alibaba Cloud server giveaway and a large interview‑question PDF collection.
This article explains the necessity of Single Sign-On (SSO) in multi‑system environments, traces its origins from monolithic web applications to distributed clusters, and describes common implementation approaches for same‑domain and cross‑domain scenarios, including the use of a central authentication center such as CAS.
This guide explains how to create a read‑only login in Microsoft SQL Server, map it to specific databases, assign the db_datareader role, and optionally grant permission to view stored procedures, while also summarizing common server and database roles.
This article explains the concept of JavaScript sandboxing, outlines common use cases, walks through several implementation strategies—from simple eval wrappers to with‑Proxy‑iframe combos—and discusses sandbox escape techniques and how to mitigate them, providing practical code examples throughout.
This article explains several techniques—including program isolation, class file encryption, native code conversion, and various obfuscation methods—to make Java applications harder to decompile and protect intellectual property.
After discovering a suspicious process on one of our self‑built Kubernetes nodes, we traced the intrusion to a misconfigured kubelet that exposed the API, allowing attackers to run a Monero mining script, and we outline the investigation steps and hardening measures to prevent similar breaches.
This guide explains what JWT is, its structure, security best practices, and demonstrates a complete implementation using the JJWT Java library together with Spring Boot and Angular, including Maven setup, filter, controllers, and a front‑end example to authenticate users and enforce role‑based access.
This guide shares practical Linux operations lessons—ranging from cautious command use, rigorous backup habits, and secure SSH configurations to comprehensive monitoring and performance tuning—to help teams avoid costly mistakes and maintain stable, reliable services.
Gartner's 2022 report outlines twelve strategic technology trends—ranging from generative AI and data fabric to cloud‑native platforms, autonomous systems, decision intelligence, composable applications, hyper‑automation, privacy‑enhancing computation, cybersecurity mesh, AI engineering, and total experience—highlighting how data and intelligence will drive enterprise transformation over the next decade.
This tutorial walks through installing the Baota control panel on a Linux cloud server, logging in, setting up a web stack, configuring security, creating websites with IP or domain, managing PHP versions, and customizing panel settings for secure and efficient site deployment.
The article surveys rapidly growing IT positions—from quantum computing engineers and security‑compliance managers to big‑data, analytics, and DataOps engineers—explaining how these roles combine advanced technologies, regulatory expertise, and operational practices to drive business transformation and meet the evolving demands of digital enterprises.
This roundup covers GitLab's 35% Nasdaq debut surge, LinkedIn's planned shutdown of its Chinese platform, the release of Visual Studio 2022 Preview 5 and RC, a Delta Lake guide preview, findings from a cloud‑native security micro‑survey, a second‑edition service mesh guide, and a recommended cloud‑native training course.
This article defines hybrid cloud as an IT architecture interconnecting multiple clouds, distinguishes it from multi‑cloud, examines four common hybrid forms, outlines key characteristics such as elasticity, scalability and security, and presents the five‑connectivity design goals that make hybrid cloud the cornerstone of new infrastructure.
The article explains the iOS code‑signing verification mechanism, why enterprise IPAs built for iOS 15 fail with a signature‑version error, and provides a step‑by‑step guide to re‑sign the package using newer signature formats, along with a deep dive into certificates, provisioning profiles, entitlements and the underlying cryptographic concepts.
This article explains the architecture of a microservice‑centric API gateway, covering its overall placement, request dispatch, conditional routing, API management, rate‑limiting, circuit‑breaking, security policies, monitoring, tracing, and future improvement directions.
This article outlines ten common PHP security threats—including SQL injection, XSS, CSRF, LFI, weak password hashing, MITM, command injection, XXE, improper error reporting, and login rate limiting—explaining how each attack works and providing practical mitigation techniques such as prepared statements, input sanitization, CSRF tokens, and HTTPS.
The article explains cross‑origin restrictions in web development, distinguishes broad and narrow cross‑origin, outlines common scenarios, and compares solutions such as JSONP, CORS, Flash, server proxies, and front‑end techniques like document.domain, hash, window.name, and postMessage, highlighting each method’s pros and cons.
This article explains the fundamentals of authentication, authorization, and credentials, compares cookies, sessions, and tokens, details token types such as access and refresh tokens, introduces JWT principles and usage, and discusses security considerations and distributed session‑sharing strategies for modern web applications.
This guide explains how PyArmor encrypts and protects Python scripts through seamless replacement, dynamic encryption, licensing, hardware binding, and packaging, providing step‑by‑step installation, usage commands, project management techniques, and a comprehensive command reference for developers.
This article walks through the design and implementation of a complete captcha solution—including image and SMS verification—using .NET Core, covering background context, code details for generating graphics, unsafe handling, noise lines, caching strategies, rate limiting, validation logic, runtime results, and a link to the full source repository.
This article introduces an open‑source SMS verification module, outlines essential security features such as code expiry, length limits, request throttling, and one‑time use, and provides complete C# implementations for generating, sending, and validating both image and SMS captchas.
A recent incident revealed that a misconfigured kubelet and missing firewall rules allowed an attacker to hijack a node in a self‑built Kubernetes cluster for Monero mining, prompting a detailed post‑mortem and a set of hardening recommendations.
This tutorial shows how to protect sensitive configuration values such as database passwords in a Spring Boot application by integrating the Jasypt library, configuring encryption keys, generating encrypted strings via unit tests or Maven plugin, and securely passing the secret at runtime.
This article explains the fundamentals of authentication, authorization, and credentials, compares cookies, sessions, and token‑based approaches, discusses token and JWT structures, outlines common authentication patterns, and provides practical guidance on their use and pitfalls in distributed systems.
This article introduces Authelia, an open‑source authentication and authorization server that provides two‑factor authentication and single sign‑on, explains how it integrates with reverse proxies like Nginx, Traefik or HAProxy, outlines installation options, showcases its UI and key security features, and shares its GitHub statistics and link.
This article presents a comprehensive overview of an API gateway built on RxNetty, detailing its overall architecture, request routing, conditional routing, API management, rate‑limiting and circuit‑breaking, security policies, monitoring, alerting, tracing, and future improvement considerations within a microservices environment.
The 2021 DORA Accelerate State of DevOps report, based on responses from over 32,000 professionals, reveals new performance metrics, the impact of SRE and security supply‑chain practices, cultural factors affecting burnout, and how cloud adoption continues to drive higher software delivery and organizational performance.
Google’s 2021 DORA Accelerate State of DevOps report, based on over 32,000 professionals, reveals that elite teams dramatically outperform low‑performing teams across deployment frequency, lead time, recovery time and failure rates, while highlighting new reliability metrics, the importance of team culture, SRE, cloud adoption, secure software supply chains and documentation.
Airbnb replaced duplicated, latency‑prone authorization checks in its new service‑oriented architecture by moving them into data services and building Himeji, a Zanzibar‑inspired centralized permission store that uses triple‑based policies, configurable unions, sharded caching, and Aurora backing to deliver sub‑10 ms latency for millions of checks per second with 99.999 % availability.
The article explains how 5G mobile edge computing (MEC) can be deployed in wide‑area and local‑area scenarios, outlines the relevant ETSI and 3GPP standards, and discusses the security threats and protection measures associated with edge nodes and data handling.
Drawing from three and a half years of system administration, this article outlines practical guidelines for safe online operations, data protection, server security, continuous monitoring, performance tuning, and the right mindset to avoid costly mishaps in production environments.
This article presents Douyu's intelligent risk‑control system for live streaming, detailing the security challenges, a multi‑layer algorithm architecture covering content, user‑behavior, gang and device risks, the evolution of models for spam detection, risk scoring, gang identification, sequence analysis, and device fingerprinting, and discusses practical solutions and interpretability techniques.
This article details the architecture, core functions, and implementation techniques of a reactive API gateway built with RxNetty, covering request dispatch, conditional routing, API management, rate limiting, security policies, monitoring, and future optimization directions within a microservices environment.
This article examines how leading Chinese securities firms adopt the CAICT‑led DevOps Capability Maturity Model, presenting detailed case studies, assessment metrics, and improvements in continuous delivery, technical operation, and security that illustrate the model’s industry impact.
A Kubernetes node was compromised for Monero mining due to empty iptables, exposed kubelet API, and a commented‑out security flag, prompting a detailed forensic analysis and a set of hardening steps to secure the cluster against similar attacks.
QR code login lets users authenticate on a PC by scanning a code with a pre‑logged‑in mobile app, using a token‑based system that verifies identity without transmitting passwords, and involves QR generation, status polling, temporary tokens, and final confirmation to securely log in.
This article explains the Android Binder inter‑process communication mechanism, covering its definition, why Android adopts it over traditional Linux IPC methods, and its advantages in performance, stability, and security, while also detailing the underlying Linux concepts and communication steps.
This article explains the purpose, evolution, business logic, design principles, system architecture, permission model, and technical implementation of a payment operation platform that serves internal staff such as developers, testers, product managers, finance, and customer service within a payment company.
The PHP 8.0.10 update, a security‑focused release, addresses numerous core, BCMath, CGI, Date, GD, MySQLi, Opcache, OpenSSL, PDO_ODBC, Phar, Shmop, SimpleXML, Standard, and Streams bugs, and users are encouraged to upgrade to benefit from these fixes.
This guide explains how to use standard Linux utilities and a custom Bash script to view, modify, save, and restore file timestamps, enabling attackers or administrators to conceal or recover evidence of file changes on a server.
This article explains the fundamentals and advanced aspects of cookies and sessions, covering their definitions, use cases, key differences, handling when cookies are disabled, session management in distributed systems, same‑origin policy, cross‑origin requests, and security considerations for interview preparation.
This article explains the fundamentals of QR code login, detailing how QR codes convey identity, the token‑based authentication mechanism, and the step‑by‑step process that enables a mobile device to securely authenticate a PC session without exposing passwords.
This article analyzes three Fastjson deserialization exploit chains—JdbcRowSetImpl, TemplatesImpl, and BasicDataSource—detailing how crafted JSON payloads trigger JNDI lookups, load remote malicious bytecode, and ultimately achieve remote code execution without requiring special Fastjson features.
GitHub permanently disabled password authentication for Git operations on August 13, 2021, urging developers to adopt token‑based methods such as personal access tokens, OAuth, or SSH keys, and outlines the timeline, security benefits, workflow impacts, and steps required to transition.
This article reviews the origin and evolution of CAPTCHAs, examines early applications and OCR attacks, describes the three generations of reCAPTCHA and emerging verification methods, and discusses how CAPTCHAs are used to raise attack barriers, filter malicious traffic, and support risk assessment in modern anti‑fraud systems.
This guide walks through creating a Spring Boot 2.2.11 OAuth2 authorization server that stores tokens in Redis, defines custom client and user entities, configures grant types, and demonstrates testing each flow, complete with code snippets and configuration files.
This guide explains how to integrate OAuth2 with Spring Boot 2.3.10, troubleshoot missing OAuth2AuthorizationRequest in the session, and resolve the issue by adjusting host configuration and domain settings, providing full code snippets and configuration details.
This tutorial walks through setting up Spring Authorization Server 0.2.0 on Spring Boot 2.5.3, covering required dependencies, security configuration, SAS server setup, testing the authorization code flow, token exchange, refresh, and revocation, with complete code snippets and curl commands.
On August 17, Spring announced that Spring Authorization Server has left experimental status and entered the Spring Project family with a production‑ready 0.2.0 release, supporting most of OAuth 2.1 and adding OpenID Connect 1.0 support, and provided a new GitHub repository for developers.
The article demonstrates how to integrate Paddle Serving’s new security‑gateway feature with the open‑source Kong API gateway and its Konga UI, using Docker‑Compose to create a secure, HTTPS‑encrypted, header‑authenticated AI model serving endpoint that hides internal services while supporting high‑concurrency inference.
This guide provides a comprehensive overview of Android system architecture, explains the ADB communication mechanism, presents a detailed Android app testing checklist covering UI, compatibility, installation, OTA, interaction, concurrency, database, interface, performance, security, and other tests, and lists essential ADB commands and monitoring principles.
An extensive compilation of 50 essential computer networking interview questions covering HTTP status codes, request methods, network architecture, DNS resolution, TCP/UDP protocols, security concepts like CSRF and XSS, and detailed explanations of TCP handshakes, congestion control, and encryption mechanisms.
The article reports on recent Chinese tech news—from massive travel‑card queries and ByteDance layoffs to Douyin’s remote‑work policy and a new partnership between Taobao and QQ Music—while spotlighting BC‑Linux V8.2, a CentOS‑compatible OS with dual kernels, performance boosts, and enhanced security.
Learn how to configure Spring Boot Security's remember‑me feature with a persistent token repository, set up the necessary SQL, customize the login page, and understand the underlying authentication flow to prevent duplicate logins and maintain user sessions across browser restarts.
This guide explains common MyBatis SQL injection patterns—LIKE, IN, and ORDER BY—shows how to locate vulnerable $ placeholders in XML mappers, trace them through DAO and controller layers, and confirm exploitation with a crafted request, providing practical steps for secure Java web auditing.
This article outlines the five core competencies—automation, communication and collaboration, cloud computing, security, and operational support—that aspiring DevOps engineers need to master in order to deliver software quickly, reliably, and securely in today’s competitive market.
Apache Cassandra 4.0 has been officially released after a long development cycle, offering higher speed, better scalability, improved consistency, stronger security, reduced latency, and more efficient compression, while supporting enterprise compliance and a new annual release cadence for future stability.
This article examines Coinbase's decision to avoid Kubernetes, tracing container technology history, outlining the operational and security challenges of orchestration platforms, and detailing the company's custom Odin+ASG solution and future considerations for container management.
The article explains the role of an API Gateway as the single entry point for a system, detailing its core modules such as routing, service registration, load balancing, resilience, security, gray‑release, API aggregation and orchestration, and outlines key design, operational, and architectural considerations for building a high‑performance, highly available, and extensible gateway.
This article explains how Nginx implements rate limiting using the leaky‑bucket algorithm, walks through basic and advanced configurations—including zones, burst, nodelay, whitelists, multiple limits, logging, custom status codes, and request denial—while providing complete configuration examples.
This article explains how OpenID Connect (OIDC) builds on OAuth 2.0 to provide authentication, demonstrates a practical Keycloak integration with a Spring Boot app, and walks through a complete authorization flow for a photo‑storage service using client credentials and secure token exchange.
This article explains the lightweight JWT specification, its three-part structure (header, payload, signature), how to create and encode tokens with example code, the purpose of signatures, security considerations, suitable use cases, and a step‑by‑step authentication flow comparing JWT with traditional session storage.
This article details the design and implementation of a reactive API gateway built on RxNetty, covering its overall architecture, request dispatch, conditional routing for gray releases, API management, rate limiting, circuit breaking, security policies, and integrated monitoring and tracing capabilities.
This tutorial explains how to download, configure, and use the PHP GoogleAuthenticator class for two‑factor authentication in a ThinkPHP 6 environment, including code examples for generating secrets, QR‑code URLs, storing them, and verifying user tokens.
This guide walks through adding Spring Boot Actuator to a project, configuring default and custom endpoints, securing shutdown operations, and demonstrates practical code snippets and curl commands for monitoring and managing a Spring Boot application.
Fav-up is a Python‑based utility that combines Shodan data and website favicons to help security researchers uncover the true IP addresses of target services, offering flexible command‑line options, module integration, and output formats for comprehensive IP discovery.
This article details the architecture and implementation of a high‑concurrency API gateway built on RxNetty, covering request routing, conditional routing, API management, rate limiting, circuit breaking, security policies, monitoring, tracing, and future enhancements within a microservices environment.
Spring GraphQL 1.0 introduces seamless integration of GraphQL Java with Spring, offering HTTP and WebSocket handlers, security annotations, exception resolvers, testing utilities, metrics, Querydsl support, and a schema‑first approach, while outlining the roadmap and resources for developers.
The talk explains how a purpose‑built microVMM like Firecracker—an ultra‑lightweight, Rust‑based virtual machine monitor running on KVM—delivers the strong isolation, millisecond‑scale startup, and high‑density performance essential for modern serverless platforms, while outlining current benchmarks and future enhancements.
The article introduces Security Chaos Engineering (SCE) as a proactive experimental approach to uncover security control failures, discusses the limitations of traditional red/blue/purple team exercises, outlines SCE's advantages, and presents the open‑source ChaoSlingr framework as a practical implementation example.
A simple typo when using pip can install a malicious PyPI package that hides cryptomining code, and security researchers have uncovered dozens of such deceptive packages, highlighting the supply‑chain risks of Python's package ecosystem and offering practical mitigation steps.
Hybrid cloud combines public, private, and on‑premises IT resources, offering elasticity, scalability, security, and integrated management; this article defines hybrid cloud, distinguishes it from multi‑cloud, outlines common hybrid models, and discusses architectural goals such as five‑connectivity, design considerations, and its role in new infrastructure initiatives.
This article demystifies cryptography by explaining fundamental concepts, tracing its history from ancient substitution ciphers to modern symmetric and asymmetric algorithms, and providing complete Java code examples for DES, AES, RSA, signing, verification, and hashing techniques.
This article explains what Spring Boot Actuator is, how to quickly add and configure it, details the available endpoints, illustrates common security pitfalls such as exposing sensitive configuration, and provides practical recommendations to safely use Actuator in production environments.
This article explains the fundamentals and query process of the Domain Name System (DNS), then details Qunar's evolving DNS architecture—including the initial system, DNSDB management, DNS view, EDNS, HTTPDNS, and intelligent traffic switching—highlighting operational automation and security enhancements.
The article outlines typical ways PHP projects mishandle sensitive data—such as storing passwords in plain text, transmitting credentials without encryption, using weak hashing algorithms, and exposing server details—and provides practical configuration and coding measures to secure data at rest and in transit.
This article analyses various client‑side authentication scenarios, classifies token types such as password, session, and API tokens, compares their cost, risk, and controllable attributes, and proposes a layered token architecture to improve security, privacy, and usability across multiple platforms.
